Comcastic Web Intrusion
(Internet • Technology)
Beginning earlier this month, I was surprised when, after apparently mistyping the URL of a web site, I did not receive the customary “could not locate remote server” message on my web browser.
What the fuck? I wondered, as I had clearly, somehow, wandered into a Comcast web site consisting mostly of Yahoo search results. For which I had no use and had not requested.
It took a few seconds of reading to realize that Comcast, still, unfortunately, my Internet service provider, has been monkeying with the Internet’s Domain Name System. Since around July 9, as it turns out, Comcast has hijacked the eyeballs of customers in its markets across the country and forced them onto its own web site any time they mistype a domain name.
Perhaps unsurprisingly, Comcast tries to disguise this marketing ploy as a “service,” you know, “to help high-speed Internet customers get where they want to go online even faster and easier than before.” Beside the fact that Comcast didn’t notify customers up front in any meaningful way before pulling this stunt, and that DNS redirection actually confuses most people and slows down their attempt to get where they want to go, and the fact that this is an obvious marketing ploy (else why brand the rediret page with Comcast and Yahoo logos) – beside all that, there are Internet-specific mechanical reasons why DNS redirection is a really bad idea.
The non-profit Internet Corporation for Assigned Names and Numbers, which coordinates the web’s maze of unique domains and IP addresses, maintains a group of people of some expertise, called the Security and Stability Advisory Committee. As you might imagine, their task is to advise ICANN on matters involving the security and stability of the Internet.
Here are some of the conclusions they reached six years ago, when VeriSign pulled a DNS-redirection stunt similar to this latest Comcastic venture:
“VeriSign’s change appears to have considerably weakened the stability of the Internet, introduced ambiguous and inaccurate responses in the DNS, and has caused an escalating chain reaction of measures and countermeasures that contribute to further instability.”“VeriSign’s change has substantially interfered with some number of existing services which depend on the accurate, stable, and reliable operation of the domain name system.”
“Anti-spam services relied on the RCODE 3 response to identify forged email originators. “
“In some environments the DNS is one of a sequence of lookup services. If one service fails the lookup application moves to the next service in search of the desired information. With this change the DNS lookup never fails and the desired information is never found.”
“VeriSign’s action has resulted in a wide variety of responses from ISPs, software vendors, and other interested parties, all intended to mitigate the effects of the change. The end result of such a series of changes and counterchanges adds complexity and reduces stability in the overall domain name system and the applications that use it. This sequence leads in exactly the wrong direction. Whenever possible, a system should be kept simple and easy to understand, with its architectural layers cleanly separated.”
Eventually, I imagine, the folks at ICANN will reach the same conclusion about Comcast. In the meantime, if you’d like to have your web browser work the way it used to, you can actually opt out of this Comcastic “service.” While the company never made this information available to me, the opt out is here.
Those Internet service providers who fail to study historical web mis-steps are destined, so it would seem, to repeat them.
→ B.Dunn, Jul 29, 2009, 05 12 am
Bob, I’ve bene using OpenDNS for years with the redirecting and filtering turned off, and I love it. Still see classic 404 pages and it seems a little faster too.
— Lach Jul 31, 08:30 am #
---------------------
